An optional parameter to set the Customer-Supplied Encryption key.
Application developers can generate their own encryption keys to protect the data in GCS. This is known as a Customer-Supplied Encryption key (CSEK). If the application provides a CSEK, GCS does not retain the key. The object data, the object CRC32 checksum, and its MD5 hash (if applicable) are all encrypted with this key, and the key is required to read any of these elements back.
Care must be taken to save and protect these keys, if lost, the data is not recoverable. Also, applications should avoid generating predictable keys, as this weakens the encryption.
This option is used in read (download), write (upload), copy, and compose operations. Note that copy and compose operations use the same key for the source and destination objects.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-07-08 UTC."],[[["This document outlines the use of Customer-Supplied Encryption Keys (CSEK) in Google Cloud Storage (GCS) for enhanced data security."],["CSEK allows users to manage their own encryption keys, ensuring that GCS does not store them, and requiring the key for data access, including reading, writing, copying, and composing operations."],["The document lists versioned references for `EncryptionKey`, ranging from version 2.11.0 to 2.37.0-rc, and ending with version 2.24.0."],["The `EncryptionKey` class provides methods to generate encryption keys from binary or base64-encoded formats, with the key being 32 bytes when decoded."],["It is crucial to protect CSEKs, as lost keys will make the data unrecoverable, and applications should avoid predictable key generation to maintain strong encryption."]]],[]]